rpm/desktop-file-utils
SHA256
1
0
Fork 0
forked from pool/desktop-file-utils
Code Pull Requests Activity

Accepting request 394530 from home:hpjansson:fdo94303

Browse Source 
Add desktop-file-utils-fdo94303-fix-buffer-over-read.patch (fdo#94303).

OBS-URL: https://build.opensuse.org/request/show/394530
OBS-URL: https://build.opensuse.org/package/show/X11:common:Factory/desktop-file-utils?expand=0&rev=50
This commit is contained in:
Dirk Mueller 2016-05-17 13:05:57 +00:00 committed by Git OBS Bridge
parent a9863cfb6a
commit 89e12f8e84
3 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
desktop-file-utils-fdo94303-fix-buffer-over-read.patch Normal file
View File

@ -0,0 +1,34 @@
From cddcd6612b66cb3963920b5f2734850a217d7020 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Mon, 29 Feb 2016 01:50:14 +0100
Subject: [PATCH] validate: Fix buffer over-read on incomplete escape sequence.
https://bugs.freedesktop.org/show_bug.cgi?id=94303
---
src/validate.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/validate.c b/src/validate.c
index b4b752e..7403c18 100644
--- a/src/validate.c
+++ b/src/validate.c
@@ -1225,6 +1225,16 @@ handle_exec_key (kf_validator *kf,
break;
case '\\':
PRINT_INVALID_IF_FLAG;
+
+ /* Escape character immediately followed by \0? */
+ if (*(c + 1) == '\0') {
+ print_fatal (kf, "value \"%s\" for key \"%s\" in group \"%s\" "
+ "ends in an incomplete escape sequence\n",
+ value, locale_key, kf->current_group);
+ retval = FALSE;
+ break;
+ }
+
c++;
if (*c == '\\' && in_quote)
escaped = !escaped;
--
1.8.4.5

6
desktop-file-utils.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon May 9 21:03:33 CEST 2016 - hpj@suse.com
- Add desktop-file-utils-fdo94303-fix-buffer-over-read.patch
(fdo#94303).
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 10 15:17:27 UTC 2015 - tchvatal@suse.com Tue Mar 10 15:17:27 UTC 2015 - tchvatal@suse.com

4
desktop-file-utils.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package desktop-file-utils # spec file for package desktop-file-utils
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -33,6 +33,7 @@ Patch1: U_trailing-semicolons-are-optional_aec5711.patch
# PATCH-UPSTREAM -- add Cinnamon and EDE desktop environments # PATCH-UPSTREAM -- add Cinnamon and EDE desktop environments
Patch2: U_add-Cinnamon-desktop-environment_50271fe.patch Patch2: U_add-Cinnamon-desktop-environment_50271fe.patch
Patch3: U_add-EDE-desktop-environment_97d6ba3.patch Patch3: U_add-EDE-desktop-environment_97d6ba3.patch
Patch4: desktop-file-utils-fdo94303-fix-buffer-over-read.patch
BuildRequires: glib2-devel BuildRequires: glib2-devel
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: xz BuildRequires: xz
@ -53,6 +54,7 @@ http://freedesktop.org/wiki/Specifications/desktop-entry-spec
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%build %build
%configure \ %configure \